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fcLAIMS 
What is claimed is: 

^l^^l . A method for providing security, the method comprising the s^s of: 
2f detecting when a request for an action is made by a princip^and 

3 determining whether said action is authorized based on ^ association 

4 between permissions and a plurality of routbies in a calling hierarchy 

5 ^ associated with said prino ipal: 7^ 

1 2. The method of Claim 1, wherein: 

2 the step of detecting when a request for an action is made includes detecting 

3 when a request for an action is made by a thread; and 

4 the step of determining whether said action is authorized includes 

5 determining whether said action is authorized based on an association 

6 between permissions and a plurality of routines in a calling hierarchy 

7 associated with said thread. 

1 3. The method of Claim 1, wherein: 

2 the calling hierarchy includes a first routine; and 

3 the step of determining whether said action is authorized further includes 

4 determining whether a permission required to perform said action is 

5 encompassed by at least one permission associated with said first 

6 routine. 
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The method of Claim 3, wherein said association betwera^ermissions and 
said plurality of routines is based on a first association Jbetween protection 
domains and permissions. 

The method of Claim 4, wherein: 

each routine of said plurality of routines is associated with a class; and 
said association between permissions and/said plurality of routines is based 
QH-a-see ond ass o ciation b etw cqn classca and prot e ction - domains . — - 



The method of Claim 1, wherein the step of determining whether said action 
is authorized further includes determining whether a permission required to 
perform said action is encompassed by at least one permission associated 
with each routine in said calling hierarchy. 

The method of Claim 1 , wherei"^ 
a first routine in said calling hierarchy is privileged; and 
wherein the step of determining whether said action is authorized further 

includes determining whether a permission required to perform said 
action is encompassed by at least one permission associated with each 
routine in said calling hierarchy between and including said first 
routine and ^Zcond routine in said calling hierarchy, wherein said 
second routine is invoked after said first routine, wherein said second 
routine is/performing said requested action. 
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The method of Claim^ wherein the step of determining whether said 
permission required to perform said action is encompassed by at least one 
permission associated with each routine in said calling hierarchy between 
and including said first routine and said second routine further includes the 
steps of: 

determining whether said permission required is encompassed by at least one 
permission associated with said second routine; and 

in response to determining said permission required is encompassed by at 
least one permission associated with said second routine, then 
performing the steps of: 

A) selecting a next routine from said plurality of routines in said 

calling hierarchy, 

B) if said permission required is not encompassed by at least one 

permission associated with said next routine, then transmitting 
a message indicating that said permission required is not 
authorized, and 

C) repeating steps A and B until: 

said permission required is not authorized by at least one 
permission associated with said next routine, 

there are no more routines to select from said plurality of 
routines in said calling hierarchy, or 

determining that said next routine is said first routine. 
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1 ^ The method of Claim^^ wherein: 

2 the method further includes the step of setting a flag associated with said first 

3 routine to indicate that said first routine is privileged; and 

4 the step of determining that said next routine is said first routine includes 

5 determining that a flag associated with said next routine indicates said 

6 next routine is privileged. 

V t 

1 yS, The method of Claim^ wherein the step of setting said flag associated with 

2 said first routine includes setting a flag in a frame in said calling hierarchy 
\^3 associat ed with said thread. 

1/ 11. A computer-readable medium carrying one or more sequences oijm^ or 

2 more instructions, wherein the execution of the one or more^s^uences of the 

3 one or more instructions causes the one or more proce^rs to perform the 

4 steps of: X 

5 detecting when a request for an action is m^ by a principal; and 

6 determining whether said action is aujilorized based on an association 

7 between permissions anjka plurality of routines in a calling hierarchy 
8 ■■ a s so ci at ed wit h s ai rTpr inetpal: — * 

1 y^. The computer-readable medium of Claim wherein: 

2 the step of detecting when a request for an action is made includes detecting 

3 when a request for an action is made by a thread; and 
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4 the step of determining whether said action is authorized includes 

5 determining whether said action is authorized based on an association 

6 between permissions and a pluraUty of routines in a calUng hierarchy 

7 associated with said thread. 

1 The computer readable medium of Claim wherein: 

2 the calling hierarchy includes a first routine; and 

3 the step of determining whether said action is authorized further includes 

4 determining whether a permission required to perform said action is 

5 encompassed by at least one permission associated with said first 

6 routine. 

rl4. The computer-readable medium of Claim Ltfwherein said association 
between permissions and said plujaHfy of routines is based on a first 
association between protpetion domains and permissions. 

1 15. The computer-read4?le medium of Claim 1 1 , wherein: 

I 2 each routine of said plurality of routines is associated with a class; and 

I 3 said association between permissions and said plurality of routines is based 

I 4 -;;^Mt;;seeond-assocTation4?e^^ — ^ 

1 The computer readable medium of Claim wherein the step of determining 

2 whether said action is authorized further includes determining whether a 

3 permission required to perform said action is encompassed by at least one 

4 permission associated with each routine in said calling hierarchy. 
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1 7. The computer readable medium of Claim 1 1 , whereiii: 
a first routine in said calling hierarchy is privilege; and 
wherein the step of determining whether said action is authorized further 

includes determining whether a penmssion required to perform said 
action is encompassed by at least /ne permission associated with each 
routine in said calling hierarchy between and including said first 
routine and a second routinyin said calling hierarchy, wherein said 
second routine is invoke<a after said first routine, wherein said second 

m^^t ipp k pRrfnrming j(pi\c\ rpqnp.r . tpH nr . tinn ^ 

)X, The computer readable medium of Claim wherein the step of determining 
whether said permission required to perform said action is encompassed by 
at least one permission associated with each routine in said calling hierarchy 
between and including said first routine and said second routine further 
includes the steps of: 

determining whether said permission required is encompassed by at least one 
permission associated with said second routine; and 

in response to determining said permission required is encompassed by at 
least one permission associated with said second routine, then 
performing the steps of: 

A) selecting a next routine from said plurality of routines in said 
calling hierarchy. 
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B) if said permission required is not encompassed by at least one 

permission associated with said next routine, then transmitting 
a message indicating that said permission required is not 
authorized, and 

C) repeating steps A and B until: 

said permission required is not authorized by at least one 
permission associated with said next routine, 

there are no more routines to select from said plurality of 
routines in said calling hierarchy, or 

determining that said next routine is said first routine. 

ih 

The computer readable medium of Claim J^, wherein: 

the computer readable medium further comprises one or more instructions 

for performing the step of setting a flag associated with said first 

routine to indicate that said first routine is privileged; and 
the step of determining that said next routine is said first routine includes 

determining that a flag associated with said next routine indicates said 

next routine is privileged. 

The computer readable medium of Claim ^wherein the step of setting said 
flag associated with said first routine includes setting a flag in a frame in said 
calling hierarchy associated with said thread. 
A computer systenlcomprising: 
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2 a processor; 

3 a memory coupled to said processor; 

4 said processor being configured detect when a request for an action is 

5 made by a principal; and/ 

6 said processor being configured to determine whether said action is 

7 authorized based on an/association between permissions and a 

8 plurality of routines in' a calling hierarchy associated with said 

9 principal. 

m 

r^, 1 22. The computer system of C/aim 21 , wherein said processor is configured to 

.1? 2 determine whether said action is authorized by determining whether a 

p 3 permission required to j^rform said action is encompassed by at least one 

^ 4 permission associated with said first routine. 

F / 

N 23 . The computer system of Claim 2 1 , said processor is configured to determine 

C whether said action is authorized by determining whether a permission 

required to perform said action is encompassed by at least one permission 

fi5;5u^e4fH-ef4-wi4 fa^^ ^ ^ roiit inp in s^ajd r.?i11in £ \\\ f^rc\rch3^ 
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